Statically Provisioning a MapR Volume Using the FlexVolume Plug-in (Secure Cluster)
On the cluster side its assumed "maprvolume" is already created and mounted on /maprvolume.
2) Use the
3) To check the status and step the pod is currently executing while coming up below command can be executed.
4) Once the POD is up you can login into the POD via below command.
[root@tssperf09 abizerwork]# kubectl exec -it test-secure -n mapr-system -- bash
You can designate a pre-created MapR volume for use with Kubernetes by specifying the MapR FlexVolume parameters directly inside the Pod spec. In the Pod spec, you define a Kubernetes volume and add the MapR FlexVolume information to it. You can supply path information by using the
For static provisioning, configuring a PersistentVolume has some advantages over Kubernetes volume in a Pod:
volumePath
parameter.For static provisioning, configuring a PersistentVolume has some advantages over Kubernetes volume in a Pod:
- The configuration file can be shared for use by multiple Pod specs.
- The configuration file enables the PersistentVolume to be mounted and available even when the Pod spec that references it is removed.
This blog assumes you have secure MapR cluster (running) and separate K8S cluster.
1) Below is sample yaml file to statically provision MapR Flex volume to K8S .
[root@tssperf09 abizerwork]# cat static-secure.yaml
apiVersion: v1
kind: Pod
metadata:
name: test-secure
namespace: mapr-system
spec:
containers:
- name: mycontainer
image: docker.io/maprtech/kdf-plugin:1.0.0_029_centos7
args:
- sleep
- "1000000"
imagePullPolicy: Always
resources:
requests:
memory: "2Gi"
cpu: "500m"
volumeMounts:
- mountPath: /maprvolume1
name: maprvolume
volumes:
- name: maprvolume
flexVolume:
driver: "mapr.com/maprfs"
readOnly: true
options:
volumePath: "/maprvolume"
cluster: "cluster4"
cldbHosts: "10.10.102.95"
securityType: "secure"
ticketSecretName: "dlpocid-mapr6-ticket-secret"
ticketSecretNamespace: "mapr-system"
---
apiVersion: v1
kind: Secret
metadata:
name: dlpocid-mapr6-ticket-secret
namespace: mapr-system
type: Opaque
data:
CONTAINER_TICKET: Y2x1c3RlcjQgRGZQSVZHNmxTeXREeGI0OG9SM0RPTTNLQ0tWdG0vS0FWejB5QzFncTVlR01uS2lTRFlZZ1k1b2cxVFlFMHZ4VmczUnVyYlNXazJ0RUVHYjBrWWNLVnQ3L0xlNzJnUGZ3dzYxUWtBYmNHR2xodmpMQXo2ZlFKN1lCN3gzVGJJbzJYeHR0akVuZm1XcFFXNlNwckxMenJKa3d0VlFFZC9CMXg0amN2SlpUTytsOGdnYkJjSHpNN3dHSEFlRFowRHl3akhnMHBtNlA2WTYwRG5HS3dCMVRPd05KWlNJV1hsTGZqblhKdk5jYXpUSGlPNVo2eVhvRldQbTVZMHJndjZNUG5OT0VyekFLcDIzcmY1NUI5eGpSR0IrRmVzUXQycVZMVG45WjVDekNkQT09
[root@tssperf09 abizerwork]#
Note : In above yaml CONTAINER_TICKET is base64 format . You simple cat the user ticket and get the Encoded output.
On the cluster side its assumed "maprvolume" is already created and mounted on /maprvolume.
[root@qa102-95 ~]# maprcli volume info -name maprvolume -json
{
"timestamp":1524856259216,
"timeofday":"2018-04-27 12:10:59.216 GMT-0700 PM",
"status":"OK",
"total":1,
"data":[
{
"acl":{
"Principal":"User root",
"Allowed actions":"[dump, restore, m, a, d, fc]"
},
"creator":"root",
"aename":"root",
"aetype":"0",
"numreplicas":"3",
"minreplicas":"2",
"nsNumReplicas":"3",
"nsMinReplicas":"2",
"enforceMinReplicationForIO":"false",
"containerAllocationFactor":"0",
"reReplTimeOutSec":"0",
"criticalReReplTimeOutSec":"0",
"replicationtype":"high_throughput",
"rackpath":"/data",
"mirrorthrottle":"1",
"accesstime":"April 27, 2018",
"readonly":"0",
"mountdir":"/maprvolume",
"volumename":"maprvolume",
"mounted":1,
2) Use the
kubectl create
command with the -f
option to install static provisioner on Kubernetes cluster
[root@tssperf09 abizerwork]# kubectl create -f static-secure.yaml
pod "test-secure" created
secret "dlpocid-mapr6-ticket-secret" created
[root@tssperf09 abizerwork]#
[root@tssperf09 abizerwork]# kubectl describe pod test-secure -n mapr-system
Name: test-secure
Namespace: mapr-system
Node: tssperf10.lab/10.10.72.250
Start Time: Fri, 27 Apr 2018 12:39:26 -0600
Labels: <none>
Annotations: <none>
Status: Running
IP: 192.168.61.81
Containers:
mycontainer:
Container ID: docker://20b580111a9b3427ef005f9cbd4ec82af4f76974a36b611a93b1ed3f7659b14b
Image: docker.io/maprtech/kdf-plugin:1.0.0_029_centos7
Image ID: docker-pullable://docker.io/maprtech/kdf-plugin@sha256:eecb2d64ede9b9232b6eebf5d0cc59fe769d16aeb56467d0a00489ce7224278d
Port: <none>
Args:
sleep
1000000
State: Running
Started: Fri, 27 Apr 2018 12:39:33 -0600
Ready: True
Restart Count: 0
Requests:
cpu: 500m
memory: 2Gi
Environment: <none>
Mounts:
/maprvolume1 from maprvolume (rw)
/var/run/secrets/kubernetes.io/serviceaccount from default-token-9g8tq (ro)
Conditions:
Type Status
Initialized True
Ready True
PodScheduled True
Volumes:
maprvolume:
Type: FlexVolume (a generic volume resource that is provisioned/attached using an exec based plugin)
Driver: Options: %v
FSType: mapr.com/maprfs
SecretRef:
ReadOnly: <nil>
%!(EXTRA bool=true, map[string]string=map[volumePath:/maprvolume cldbHosts:10.10.102.95 cluster:cluster4 securityType:secure ticketSecretName:dlpocid-mapr6-ticket-secret ticketSecretNamespace:mapr-system]) default-token-9g8tq:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-9g8tq
Optional: false
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 1m default-scheduler Successfully assigned test-secure to tssperf10.lab
Normal SuccessfulMountVolume 1m kubelet, tssperf10.lab MountVolume.SetUp succeeded for volume "default-token-9g8tq"
Normal SuccessfulMountVolume 1m kubelet, tssperf10.lab MountVolume.SetUp succeeded for volume "maprvolume"
Normal Pulling 1m kubelet, tssperf10.lab pulling image "docker.io/maprtech/kdf-plugin:1.0.0_029_centos7"
Normal Pulled 1m kubelet, tssperf10.lab Successfully pulled image "docker.io/maprtech/kdf-plugin:1.0.0_029_centos7"
Normal Created 1m kubelet, tssperf10.lab Created container
Normal Started 1m kubelet, tssperf10.lab Started container
4) Once the POD is up you can login into the POD via below command.
[root@tssperf09 abizerwork]# kubectl exec -it test-secure -n mapr-system -- bash
bash-4.4# df -hP /maprvolume1
Filesystem Size Used Available Capacity Mounted on
posix-client-basic 4.3T 126.6G 4.2T 3% /maprvolume1
bash-4.4#
Note : To get more details on the logs journals has collected for the Kubelet service, run below command.
journalctl -u kubelet